CVE-2021-30309

EPSS 0.05%
Published 11.02.2022 11:15:07
Last modified 21.11.2024 06:03:46
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Mdm9650 Firmware Version-

Qualcomm ≫ Mdm9650 Version-

Qualcomm ≫ Qca6174a Firmware Version-

Qualcomm ≫ Qca6174a Version-

Qualcomm ≫ Qca6390 Firmware Version-

Qualcomm ≫ Qca6390 Version-

Qualcomm ≫ Qca6391 Firmware Version-

Qualcomm ≫ Qca6391 Version-

Qualcomm ≫ Qca9377 Firmware Version-

Qualcomm ≫ Qca9377 Version-

Qualcomm ≫ Qcm6125 Firmware Version-

Qualcomm ≫ Qcm6125 Version-

Qualcomm ≫ Qcs410 Firmware Version-

Qualcomm ≫ Qcs410 Version-

Qualcomm ≫ Qcs603 Firmware Version-

Qualcomm ≫ Qcs603 Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Qcs610 Firmware Version-

Qualcomm ≫ Qcs610 Version-

Qualcomm ≫ Qcs6125 Firmware Version-

Qualcomm ≫ Qcs6125 Version-

Qualcomm ≫ Sd660 Firmware Version-

Qualcomm ≫ Sd660 Version-

Qualcomm ≫ Sd665 Firmware Version-

Qualcomm ≫ Sd665 Version-

Qualcomm ≫ Sd690 5g Firmware Version-

Qualcomm ≫ Sd690 5g Version-

Qualcomm ≫ Sd730 Firmware Version-

Qualcomm ≫ Sd730 Version-

Qualcomm ≫ Sd765 Firmware Version-

Qualcomm ≫ Sd765 Version-

Qualcomm ≫ Sd765g Firmware Version-

Qualcomm ≫ Sd765g Version-

Qualcomm ≫ Sd768g Firmware Version-

Qualcomm ≫ Sd768g Version-

Qualcomm ≫ Sd865 5g Firmware Version-

Qualcomm ≫ Sd865 5g Version-

Qualcomm ≫ Sd870 Firmware Version-

Qualcomm ≫ Sd870 Version-

Qualcomm ≫ Sdx12 Firmware Version-

Qualcomm ≫ Sdx12 Version-

Qualcomm ≫ Sdx55m Firmware Version-

Qualcomm ≫ Sdx55m Version-

Qualcomm ≫ Sdxr1 Firmware Version-

Qualcomm ≫ Sdxr1 Version-

Qualcomm ≫ Sm7250p Firmware Version-

Qualcomm ≫ Sm7250p Version-

Qualcomm ≫ Wcd9326 Firmware Version-

Qualcomm ≫ Wcd9326 Version-

Qualcomm ≫ Wcd9335 Firmware Version-

Qualcomm ≫ Wcd9335 Version-

Qualcomm ≫ Wcd9341 Firmware Version-

Qualcomm ≫ Wcd9341 Version-

Qualcomm ≫ Wcd9370 Firmware Version-

Qualcomm ≫ Wcd9370 Version-

Qualcomm ≫ Wcd9375 Firmware Version-

Qualcomm ≫ Wcd9375 Version-

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380 Version-

Qualcomm ≫ Wcd9385 Firmware Version-

Qualcomm ≫ Wcd9385 Version-

Qualcomm ≫ Wcn3950 Firmware Version-

Qualcomm ≫ Wcn3950 Version-

Qualcomm ≫ Wcn3980 Firmware Version-

Qualcomm ≫ Wcn3980 Version-

Qualcomm ≫ Wcn3988 Firmware Version-

Qualcomm ≫ Wcn3988 Version-

Qualcomm ≫ Wcn3990 Firmware Version-

Qualcomm ≫ Wcn3990 Version-

Qualcomm ≫ Wcn3991 Firmware Version-

Qualcomm ≫ Wcn3991 Version-

Qualcomm ≫ Wcn3998 Firmware Version-

Qualcomm ≫ Wcn3998 Version-

Qualcomm ≫ Wcn6850 Firmware Version-

Qualcomm ≫ Wcn6850 Version-

Qualcomm ≫ Wcn6851 Firmware Version-

Qualcomm ≫ Wcn6851 Version-

Qualcomm ≫ Wsa8810 Firmware Version-

Qualcomm ≫ Wsa8810 Version-

Qualcomm ≫ Wsa8815 Firmware Version-

Qualcomm ≫ Wsa8815 Version-

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830 Version-

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.152

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
product-security@qualcomm.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-30309

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30309

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30309

EUVD